Six Difficult Questions to Ask About Data Governance

By Chris Preimesberger
Posted 2007-07-03


SAN FRANCISCOWith industry analysts warning that business data continues to fill up storage at an average of 60 percent per year, enterprises of all sizes eventually need to make a strategic decision: Will they take better control over the organization of their data as it comes into the system, or will the data simply keep piling up in servers and storage without a clue about access and security?

Steven Adler, IBM's program director of data governance solutions, suggests that being proactive and assessing the notion of "data governance" as soon as possible is a key move for a business of any size.

"We're really talking about organizing human beings to affect certain outcomes. And that's all about behavior," Adler said. "We're coming to this issue of governance because stovepiped management approaches to data and all of its different dimensions aren't working."

Adler spoke in keynote addresses last week at both the Data Governance Conference at the Mikayo Hotel here and at the Burton Group Catalyst Conference at the Hilton.

Loosely defined, data governance is managing data as an enterprise asset and controlling operational risk. It means safeguarding corporate information, keeping auditors and regulators satisfied, and using improved data quality to retain customers and drive new business opportunities.

CA, one of the top vendors in the data governance sector, believes that data governance is the bridge between the business people and processes and the IT system of a company. No matter how it is defined, data governance involves work to improve the quality of information stored on databases and typically includes the creation of a team of IT professionals whose sole job is to boost the reliability of the data and improve access to the content.

Among the technologies utilized to support such efforts are software tools used for tracking the manner in which employees are looking at files, and how they behave while logged into databases. CA, IBM, Hewlett-Packard, Oracle, Hitachi Data Systems, Symantec and Scentric are among the market leaders in the sector.

"We're beginning to realize that the category of data is much broader than we thought," Adler said. "This is not just about customer data or employee data, structured and unstructured; it's also about video and audio, print, protocols, messages and e-mail, and even software code."

Data is anything that runs on a computer that is created by a person or another computer, Adler said. "All of those different classifications, for different companies and individuals, have value, and also liability," he said. "Management should be concerned with all of it. That's why we need a governance approach."

Organizations, like governments, have interest groups, Adler said.

"Factions are a way of life for any large organization. You have governance to recognize them and to deal with them," he said. "All these different constituents, whether it's security, data quality, data management, data architecture or risk management, all these constituents are key players."

Policy is the articulation of a decision a governing body makes, Adler said. "That could be in the form of a standard, architecture or written policy or rule, or just a memo: 'We're going to use this vendor as opposed to that one.' That's a policy decision," Adler said.

Sometimes those decisions are made by individuals, but "we hope more often they're made by groups," Adler said. "Groups seeking to hear different points of view and reach a consensus. The act of sharing common interests and deciding on a common goal: that is the nature of governance."

Adler said every company should ask itself the following six data governance questions:

Do you have a government? "What's its political structure? Who are the players? Are we going to go deep on a few categories, or are we going to go wide on all of them? Companies need to know who's in and who's out [regarding decision-making]," Adler said.

The Value of Data

Have you surveyed your situation? "If you have a government, how do we know what we're doing is right?" he said. "What benchmarks are available?"

Do you have a strategy? "Benchmarks like the Data Governance Maturity Model (PDF format) are a great way to get started," Adler said. "Fifty-five companies have collaborated on different behaviors they have observed as being indicative of different levels of maturity. That's a great assessment tool to compare to your own structure, your own program. You can say, Hey, where do we stack up? Are we initial, are we defined, are we managed, are we Level 1, Level 2, Level 3? ... Once you know that, you can decide on a strategy."

"That's a nice point on the horizon that everybody can visualize, but it's not so far away that it's Utopian, but it's still far enough away that it doesn't threaten anybody," Adler said. "When a company decides where it wants to go, that becomes the basis for a plan."

That plan leads to these three questions, Adler said:

Have you calculated the value of your data?

Do you know the probability of your risk?

Are you monitoring the efficacy of your controls?

"Typically, there's not a lot of clear thinking on this subject [the value of data]," Adler said. "You really can't figure out what data's worth until you put a price on it. We determine value in this society based on what someone is willing to pay for it. People make that decision on a daily basis around data.

"You pick up a San Francisco Chronicle or a San Jose Mercury News, you're going to pay a buck for it. That's what the data in that paper is worth; that's the market value of it."

If you buy a song on iTunes, Adler said, "it's $1.29 for a copy-protected version and $1.39 for an unprotected EMI version. Someone's making a qualitative decision about what type of data they want, and they're paying for it, because that's digital data. Same is true for video, or for 512 square meters of digital land on Second Life."

The problem in most companies, Adler said, is that "we don't have that mechanism [to determine data value] internally. And the lack of a mechanism to define a price that any individual is going to pay for data means that we can't account for its value, not really.

"So what I urge companies to do is think about developing content-level agreements, like a service-level agreement, but for a certain quality of data. Get your customers to pay not only for quality of service but for quality of data," Adler said.

To help make governance decisions across a large enterprise, "you need to have some kind of tool that aggregates vast amounts of information, folds it together, lets you correlate it and helps you identify those behaviors," Adler said. "We have that data in databases, audit logs, business process logs, middleware, event logs, but oftentimes we just leave it in our own repositories and we don't collect it."

One way to monitor the controls is to aggregate it all in a common repository, analyze it, correlate it, generate reports and notify people about indicative patterns of behavior, Adler said.

And that's why all the IT companies mentioned above are happy to talk to enterprises.
